how are cookies retrieved from itms links stored?

I have an app where we are using wireless distribution to install for our beta users. the install/upgrade links use the form: itms-services://?action=download-manifest&url=

the apache server we're hosting the app at is protected via a cookie based au开发者_如何学Gothentication mechanism. our basic problem is that although our authentication mechanism is issuing a delete for the cookie in question, it seems that itms (or possibly safari) on the device is not respecting this delete, because subsequent requests contain the original cookie. weird.

my question is, what is actually persisting cookies for itms links opened from safari? safari itself? or itms on the device?

I can't find any documentation on this so any help is much appreciated.

ScottCher, you're right. From the access log, the itms-services agent looks like:

iTunes-iPad-M/5.1.1+(2;+16GB;+dt:75)

while Safari agent is:

Mozilla/5.0+(iPad;+CPU+OS+5_1_1+like+Mac+OS+X)+AppleWebKit/534.46+(KHTML,+like+Gecko)+Version/5.1+Mobile/9B206+Safari/7534.48.3

We faced similar issue recently. We were able to fix it by adding "Allow HEAD" to the protected resource in siteminder. We are using siteminder for authentication/authorization. You may want to check if 'HEAD' is allowed in apache for the protected resource.